1. Technical Field
The present invention generally relates to network security and in particular to Secure Sockets Layer (SSL) encryption. Still more particularly, the present invention relates to upgrading/converting SSL certificates within a multi-format SSL network environment.
2. Description of the Related Art
Computing devices today are capable of performing many tasks. Conventional computing devices can execute various types of software products and can form a network when two or more of them are linked to send and receive data. A computing device is managed by, and executes its software products under, an operating system (O/S) running on that device. The O/S manages the hardware and software resources of the system and provides a stable, consistent way for applications to interact with the computing device hardware.
Security of data sent to computing devices within a network has become more and more important as many networks are connected to the Internet to allow users to access information via the Internet. Security technologies in common deployment are insufficient for securing transactions within a network that is connected to the Internet, and the network and its component devices are therefore at risk. Most existing browser-based security mechanisms, generally adequate for low-value business-to-consumer transactions, do not provide the enhanced security or flexibility required for protecting high-value commercial transactions and the sensitive data exchanges that make up those transactions.
Digital signature schemes based on public key cryptography have therefore become the conventional method of authenticating data transmissions. In public key cryptography, each user has a pair of keys: one public and one private. The public key is distributed freely, but the private key is kept secret and confidential. The scheme further requires that deriving the private key from the public key be computationally infeasible. A certificate packages the public key with identifying information about its owner and a validity period, signed by an issuer that vouches for that binding; when the owner signs its own certificate instead of a third party, the certificate is self-signed.
Typically, when a server system is purchased it ships with a proprietary self-signed certificate that carries an expiration date and is not certified by a trusted third party (TTP). Within a network connected to the Internet, however, the server's clients may not use the same proprietary SSL encryption library that the server uses; the server may, for example, rely on a proprietary SSL encryption library while a client uses OpenSSL. Furthermore, because a secure channel cannot be established unless each side trusts the certificate the other presents, a client cannot upgrade its certificate unless the server upgrades its certificate at the same time; otherwise the client and the server lose the ability to communicate. Likewise, if the upgrade fails or is interrupted, whether during or after installation, communication between the client and the server is lost.
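The loss of communication described above can be reproduced at the level of certificate verification, the step of the handshake in which a peer decides whether to accept the certificate it has been shown. The Go program below is an added example and is not part of this application or of any product it describes. It uses only the Go standard library, models the vendor-installed certificate as a self-signed certificate for the constructed hostname server.example, and reports what a client holding each trust store would decide when the server presents its old or its new certificate. It goes one step beyond the text by also checking a client that keeps both the old and the new certificate in its trust store during the changeover.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const serverName = "server.example" // constructed hostname used throughout this example

// newSelfSigned creates a self-signed certificate for name, valid for validFor.
// It models the vendor-installed certificate described above: no third-party
// issuer signs it, so a peer can accept it only by holding an exact copy.
func newSelfSigned(name string, serial int64, validFor time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(validFor),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAgainst runs the check a TLS client performs when the server's
// certificate arrives: presented must chain to a certificate in store and be
// valid for name. A nil result means the handshake would continue.
func verifyAgainst(presented *x509.Certificate, store []*x509.Certificate, name string) error {
	pool := x509.NewCertPool()
	for _, c := range store {
		pool.AddCert(c)
	}
	_, err := presented.Verify(x509.VerifyOptions{Roots: pool, DNSName: name})
	return err
}

// isUnknownAuthority reports whether err means "nothing in the trust store
// vouches for this certificate", the error a peer sees when the other side has
// rotated its certificate and the copy the peer holds is stale.
func isUnknownAuthority(err error) bool {
	var e x509.UnknownAuthorityError
	return errors.As(err, &e)
}

// rolloverOutcome holds the verification result a client would get at each
// stage of a server certificate upgrade (nil means accepted).
type rolloverOutcome struct {
	BeforeUpgrade      error // old cert presented, client trusts old cert
	ServerOnlyUpgraded error // new cert presented, client still trusts only old cert
	ClientOnlyUpgraded error // old cert presented, client trusts only new cert
	Overlap            error // new cert presented, client trusts old and new certs
}

// simulateRollover builds an old and a new self-signed server certificate and
// checks each combination of presented certificate and client trust store.
func simulateRollover() (rolloverOutcome, error) {
	oldCert, err := newSelfSigned(serverName, 1, 24*time.Hour)
	if err != nil {
		return rolloverOutcome{}, err
	}
	newCert, err := newSelfSigned(serverName, 2, 2*365*24*time.Hour)
	if err != nil {
		return rolloverOutcome{}, err
	}
	return rolloverOutcome{
		BeforeUpgrade:      verifyAgainst(oldCert, []*x509.Certificate{oldCert}, serverName),
		ServerOnlyUpgraded: verifyAgainst(newCert, []*x509.Certificate{oldCert}, serverName),
		ClientOnlyUpgraded: verifyAgainst(oldCert, []*x509.Certificate{newCert}, serverName),
		Overlap:            verifyAgainst(newCert, []*x509.Certificate{oldCert, newCert}, serverName),
	}, nil
}

func main() {
	r, err := simulateRollover()
	if err != nil {
		panic(err)
	}
	fmt.Printf("before upgrade: %v\nserver upgraded only: %v\nclient upgraded only: %v\noverlap: %v\n",
		r.BeforeUpgrade, r.ServerOnlyUpgraded, r.ClientOnlyUpgraded, r.Overlap)
}
```

Each output line is the verification error for that stage, with <nil> meaning the certificate was accepted. Only the server's certificate is checked here; in a deployment where the client also presents a certificate, the server runs the same check against it, so the stale-trust-store failure applies in both directions, which is why the two sides must be updated together unless each keeps the other's old and new certificates during the changeover.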
Therefore, an adequate system for upgrading/converting client and server certificates simultaneously within a network environment has eluded those skilled in the art, until now.